Bugtraq mailing list archives

Re: Responses to syslogd killing

From: zack () RABI PHYS COLUMBIA EDU (Zack Weinberg)
Date: Tue, 21 Oct 1997 17:25:44 -0400


On Tue, 21 Oct 1997 14:45:01 -0400, lb wrote:

 Also, alot of people are under the impression that this has nothing
to do with DNS.  I tried it many times to make sure, because it seemed
exploitable to me.. I would watch the syslog message come in, watch
the DNS query go out, and then watch syslogd die.  If I inserted a DNS
entry for the IP in question, syslogd would query and work fine.. if I
removed the DNS entry again, syslogd would crash.  Perhaps you're right..
but I'll stick to my assumption.  hoho.


I have encountered this bug too.  It can crop up in benign situations
such as when you have an HP network printer with no name configured to
do network logging.  In this case it suffices to add an entry to
/etc/hosts to prevent the bug -- probably the code neglects to check
the return value of gethostbyaddr().

zw

Current thread:

Remotely kill Solaris syslogd lb - STAFF (Oct 21)
- Re: Remotely kill Solaris syslogd Andrew Reynhout (Oct 21)
- Oops: Re: Remotely kill Solaris syslogd Andrew Reynhout (Oct 21)
- Responses to syslogd killing lb (Oct 21)
  - Re: Responses to syslogd killing Zack Weinberg (Oct 21)
- <Possible follow-ups>
- Re: remotely kill solaris syslogd Chris Wilson (Oct 21)
  - Re: remotely kill solaris syslogd Paul Tatarsky (Oct 23)
  - IRIX /var/inst/patchbase Paul Tatarsky (Oct 23)
    - Re: IRIX /var/inst/patchbase Alain Renaud (Oct 25)
    - KSR[T] Advisory #004: printfilter / groff / lpd KSR[T] (Oct 25)